Submission Details
Severity:
Fixed fee level is used when swap tokens on Uniswap
Summary
Fixed fee level is used when swapping tokens on Uniswap.
Vulnerability Details
In the SmartVaultV3 contract, the swap function is employed to swap loan tokens for collateral tokens from liquidations. When constructing ISwapRouter.ExactInputSingleParams, a fixed fee level of 3000 (0.3%) is utilized. However, not all pools in Uniswap are created with a fee level of 3000.
function swap(bytes32 _inToken, bytes32 _outToken, uint256 _amount) external onlyOwner {
// ... (existing code)
ISwapRouter.ExactInputSingleParams memory params = ISwapRouter.ExactInputSingleParams({
// ... (existing parameters)
fee: 3000, // Fixed fee level
});
// ... (existing code)
}
Impact
Using a fixed fee level when swapping tokens may lead to some fee tokens being locked in the contract.
Tools Used
Manual Review.
Recommendations
Pass fee as function parameter
- function swap(bytes32 _inToken, bytes32 _outToken, uint256 _amount) external onlyOwner {
+ function swap(bytes32 _inToken, bytes32 _outToken, uint256 _amount, uint24 fee) external onlyOwner {
- fee: 3000,
+ fee: fee,
Prize pool breakdown
Total prize
20,000 USDC
nSLOC
60933 USDC / LOC
17,500 USDC
2,500 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.